> OPENSSL_cleanse is being called with pointer size instead of the buffer size
> in some places.
> For example crypto/des/des.c:
>
> void doencryption(void)
> ...
> static unsigned char *buf=NULL,*obuf=NULL;
> ...
> OPENSSL_cleanse(buf,sizeof(buf));
> OPENSSL_cleanse(obuf,sizeof(obuf));
>
> This is leaving memory uncleared.

Note that the file in question is never compiled. The file in question can as well be omitted from the source distribution...
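
The reported pattern next to its correction, as an added C example that is not part of the original thread or of OpenSSL's code. `demo_cleanse` is a hypothetical stand-in for OPENSSL_cleanse, and `BUF_LEN` and the 0xAA fill are constructed values.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 64  /* constructed allocation size, not taken from des.c */

/* Hypothetical stand-in for OPENSSL_cleanse: volatile writes so the
 * compiler cannot discard the wipe as a dead store. */
static void demo_cleanse(void *p, size_t len)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (len--)
        *v++ = 0;
}

/* Fill a heap buffer with constructed "secret" bytes, wipe it, and return
 * how many bytes are still non-zero afterwards. */
size_t residue_after_wipe(int use_pointer_size)
{
    unsigned char *buf = malloc(BUF_LEN);
    size_t i, left = 0;

    if (buf == NULL)
        return (size_t)-1;
    memset(buf, 0xAA, BUF_LEN);

    if (use_pointer_size)
        /* Reported pattern: buf is a pointer, so sizeof(buf) is the
         * pointer width (typically 4 or 8), not the allocation size. */
        demo_cleanse(buf, sizeof(buf));
    else
        /* Corrected form: pass the length the buffer was allocated with. */
        demo_cleanse(buf, BUF_LEN);

    for (i = 0; i < BUF_LEN; i++)
        left += (buf[i] != 0);

    demo_cleanse(buf, BUF_LEN);  /* wipe fully before releasing */
    free(buf);
    return left;
}

int main(void)
{
    printf("sizeof(pointer) wipe leaves %zu bytes\n", residue_after_wipe(1));
    printf("tracked-length wipe leaves %zu bytes\n", residue_after_wipe(0));
    return 0;
}
```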
